[tor-talk] SIGAINT email service targeted by 70 bad exit nodes

support at sigaint.org support at sigaint.org
Thu Apr 23 03:03:57 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello tor-talk,

So apparently we have drawn attention to our humble little email service that
mostly lives inside of the Tor network.

Today we reported 58 bad exit nodes to Philipp. He instantly found 12 more that
we had missed, and there may be even more of them. (Thank you, Philipp!)

FYI: They were added to the BadExit list just hours ago so traffic to them
should dry up.

The attacker had been trying various exploits against our infrastructure over
the past few months. Our exploit mitigations have been sounding various alarms.

We are confident that they didn't get in. It looks like they resorted to
rewriting the .onion URL located on sigaint.org to one of theirs so they could
MITM logins and spy in real-time.

The attacker doesn't seem to be after passwords (they probably have some of
them now). We get less than 1 user of 42K complaining about their account
being hijacked every 3 months.

I think we are being targeted by some agency here. That's a lot of exit nodes.

I know we could SSL sigaint.org, but if it is a state-actor they could just
use one of their CAs and mill a key.

Interestingly, we ended up becoming a sort of canary. Those exit nodes may
have been doing other shady stuff as well.

SIGAINT Admin

P.S. My PGP key is here: http://sigaintevyh2rzvw.onion/pubkey.txt

-----BEGIN PGP SIGNATURE-----
Version: GnuPG
-----END PGP SIGNATURE-----
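The post describes exits rewriting the .onion link served on the clearnet page. The following is an added example, not part of the original message and not SIGAINT's own tooling, showing how page bodies already fetched through different exits could be compared against a pinned onion address. The exit labels, the lookalike address and the HTML bodies are constructed samples, and fetching through each exit is assumed to happen elsewhere.

```python
import re

# Address pinned out of band (here: the one given in the post's P.S.).
PINNED_ONION = "sigaintevyh2rzvw.onion"

# v2 onion names are 16 base32 characters, v3 names are 56.
ONION_RE = re.compile(r"\b(?:[a-z2-7]{56}|[a-z2-7]{16})\.onion\b", re.IGNORECASE)


def onion_hosts(html):
    """Return the set of .onion hostnames mentioned anywhere in a page body."""
    return {m.group(0).lower() for m in ONION_RE.finditer(html)}


def check_exits(responses, pinned=PINNED_ONION):
    """Map exit label -> unexpected onion hosts seen in that exit's response.

    An exit whose response lacks the pinned address entirely is reported
    with ["<missing>"], since stripping the link is also a modification.
    Exits that served only the pinned address are omitted from the result.
    """
    suspicious = {}
    for exit_label, body in responses.items():
        found = onion_hosts(body)
        unexpected = sorted(found - {pinned})
        if unexpected:
            suspicious[exit_label] = unexpected
        elif pinned not in found:
            suspicious[exit_label] = ["<missing>"]
    return suspicious


# Constructed sample: the same page as seen through three hypothetical exits.
SAMPLE_RESPONSES = {
    "EXIT_A": '<a href="http://sigaintevyh2rzvw.onion/">Log in via Tor</a>',
    "EXIT_B": '<a href="http://sigaintexamplezz.onion/">Log in via Tor</a>',
    "EXIT_C": "<p>Service temporarily unavailable</p>",
}

if __name__ == "__main__":
    for label, hosts in check_exits(SAMPLE_RESPONSES).items():
        print(f"{label}: unexpected onion link(s): {', '.join(hosts)}")
```
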



